
Abstract

With the decrease in the cost of electronic storage media, more and more sensitive
data gets stored on such media. Laptop computers regularly go missing, either
because they are lost or because they are stolen. These laptops contain confidential
information in the form of documents, presentations, emails, cached data, and
network access credentials. This confidential information is typically far more
valuable than the laptop hardware if it reaches the right people. This seminar describes
the most commonly used encryption algorithm, the Advanced Encryption Standard (AES),
which is used in many confidential data storage methods.

Introduction
As the cost of electronic storage declines rapidly, more and more sensitive
data can be stored on media such as hard disks, CDs, and pen drives. Many
computers store data about personal finances, online transactions, tax records,
and passwords for bank accounts and emails. All of this sensitive information is
vulnerable to theft. Sensitive data may also be leaked accidentally due to improper
disposal or resale of storage media. Ensuring integrity in today’s interconnected
world, however, is exceedingly difficult. The general concept of secure handling of
data is composed of three aspects: confidentiality, integrity, and availability.
Confidentiality involves ensuring that information is not read by unauthorized
persons.

Encryption
Encryption is the process of transforming information (referred to as plaintext)
using an algorithm (called a cipher) to make it unreadable to anyone except those
possessing knowledge, usually referred to as a key. The unreadable text created is
known as ciphertext. The reverse process is known as decryption. There are two basic
techniques for encrypting information: symmetric encryption (also called secret key
encryption) and asymmetric encryption (also called public key encryption). Symmetric
encryption is the oldest and best-known technique. A secret key, which can be a
number, a word, or just a string of random letters, is applied to the text of a message
to change the content in a particular way. This might be as simple as shifting each
letter by a number of places in the alphabet. As long as both sender and recipient
know the secret key, they can encrypt and decrypt all messages that use this key.

Advanced Encryption Standard


In cryptography, the Advanced Encryption Standard (AES) is a symmetric-key
encryption standard adopted by the U.S. government. The standard comprises three
block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection
originally published as Rijndael. Each of these ciphers has a 128-bit block size, with
key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analysed
extensively and are now used worldwide, as was the case with its predecessor, the
Data Encryption Standard (DES). AES was announced by the National Institute of
Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November
26. There are three versions of AES, with 10, 12 and 14 rounds. The key size can be
128, 192 or 256 bits depending on the number of rounds. The general design of an AES
encryption cipher is given in Fig 2.

AES uses five units of measurement to refer to data: bits, bytes, words,
blocks and state. A bit is a binary digit with a value of 0 or 1. A byte is a group of 8 bits
that can be treated as a single entity, a row matrix (1 x 8) of 8 bits. A word is a group
of 32 bits that can be treated as a single entity, a row matrix of 4 bytes. A block is a
group of 128 bits. AES encrypts and decrypts data blocks. AES uses several rounds, in
which each round is made of several stages. The data block is transformed from one stage
to another. At the beginning and end of the cipher, AES uses the term data block;
before and after each stage, the data block is referred to as a state.

Structure of each round

Fig. 3. Structure of each round

Fig 3 shows the structure of each round at the encryption side. Each round
except the last uses four transformations that are invertible. The last round has only
3 transformations. One Add Round Key is applied before the first round. The third
transformation is missing in the last round. At the decryption site, the inverse
transformations are used.

Sub Bytes
The first transformation, Sub Bytes, is used at the encryption site. To substitute
a byte, we interpret the byte as two hexadecimal digits. The left digit defines the row
and the right digit defines the column of the substitution table. The two hexadecimal
digits at the junction of the row and the column are the new byte. In the Sub Bytes
transformation, a state is treated as a 4 x 4 matrix of bytes. Transformation is done one
byte at a time. The content of each byte is changed, but the arrangement of bytes in
the matrix remains the same. Fig 4 shows this idea.

Fig. 4. Sub Bytes

Shift Rows
Shifting is the permutation of bytes. Unlike DES, in which permutation is
done at the bit level, the shifting transformation in AES is done at the byte level; the order
of bits in the byte is not changed. The number of shifts depends on the row number (0,
1, 2 or 3) of the state matrix. This means that row 0 is not shifted at all and the last row
is shifted three bytes. Fig 5 shows this idea.

Fig. 5. Shift Rows

Mix Columns
The Mix Columns transformation operates at the column level; it transforms each
column of the state to a new column. The transformation is actually the matrix
multiplication of a state column by a constant square matrix. The bytes in the state
column and constant matrix are interpreted as 8-bit words (or polynomials).

Effectively a matrix multiplication in $GF(2^8)$ using prime polynomial
$m(x) = x^8 + x^4 + x^3 + x + 1$. Fig 6 shows this idea.

Fig. 6. Mix Columns

Add Round Key


Add Round Key adds a round key word to each state column matrix.
Similar to Mix Columns, Add Round Key also proceeds column by column. AES uses a
process called Key Expansion that creates $N_r + 1$ round keys from the cipher key.

AES Key Expansion


The AES key expansion algorithm takes as input a 4-word key and produces a
linear array of 44 words. Each word contains 32 bits, which means each sub key is
128 bits long.

Fig. 7. Key Expansion



Confidential Data Storage


Achieving confidentiality means storing data in a way that can be read or
deciphered only by authorized persons. No unauthorized persons should be able to
read or otherwise obtain meaningful information from this data, even with physical
access to the storage media (e.g., a stolen laptop). We must always ensure that our data is
secure and can be accessed and maintained by authorized persons. Keeping all our personal
data and information secure is very important.

Fig 8 shows the storage data paths for popular Unix-based and Windows
operating systems. For both platforms, applications reside in user space. When a Unix
application makes a call to a file system, the call crosses the kernel boundary and is
handled by the Virtual File System (VFS) layer. VFS provides functions commonly
used in various file systems to ease individual file system implementations, and
allows different file systems to coexist, including local file systems such as ext3 and
network file systems such as NFS.

Local file systems then proceed to read and write to the block layer, which
provides a unified API to access block-layer devices.

When a Windows application makes a file system call, that call gets passed
to the I/O Manager. The I/O Manager translates application file system calls into I/O
request packets, which it then translates into device-specific calls.
The File System Drivers are high-level drivers such as

• FAT
• NTFS

These drivers rely on the Storage Device Drivers, which are lower-level
drivers that directly access the storage media. Note that both the Unix and Windows
storage data paths share an almost one-to-one mapping in terms of their internal
structures. Thus, a confidential storage solution designed for one can be generalized to
both platforms.

Fig. 8. Unix and Windows storage paths

Block based Encryption System


Block-based encryption systems work at a lower layer of abstraction than file
systems. In other words, these systems work transparently below file systems to
encrypt data at the disk-block level. Examples of block-based encryption systems
include dm-crypt, BestCrypt, the CryptoGraphic Disk driver, the Encrypted Volume
and File System, and Microsoft BitLocker Drive Encryption.

Microsoft BitLocker


BitLocker is not a software-only technology. Every software-only solution is
vulnerable to software-only attacks. BitLocker makes use of the TPM security chip
which will be incorporated in most PCs in the near future. Though the TPM has many
functions, BitLocker uses only a few basic ones. The TPM keeps several Platform
Configuration Registers, or PCRs. At power-up the PCRs are set to zero. PCRs are
only modified by the extend function which sets a PCR to the hash of its old value
and a supplied data string. We can think of a PCR as a hash over all the data strings
provided in extend function calls for that PCR. There is no other way to set the value
of a PCR, so if a PCR has value x after a sequence of extends, then the only way to
reach the value x again is to perform the exact same sequence of extends after a
power-up.

During the boot process the PCRs are used to keep track of the code that
runs. The key used to encrypt the disk is sealed against a particular set of PCR values.
During a normal boot the PCRs reach the same values, and the key can be unsealed
by the TPM. If an attacker boots into any other operating system, the machine will be
fully functional but the PCR values will be different and the TPM will not unseal the
key. Thus, other operating systems cannot read the data on the disk, or find out how to
modify the disk to reset the Administrator password.
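
The extend-and-seal behaviour described above, modelled in a few lines as an added example that is not part of the original report and is not BitLocker's or any TPM's real interface. ToyTPM, boot and the stage strings are constructed for illustration, a single PCR is modelled, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import hmac
import os

class ToyTPM:
    """Constructed model of one PCR with seal/unseal; not a real TPM API."""

    def __init__(self):
        self._chip_secret = os.urandom(32)   # never leaves the chip
        self.reset()

    def reset(self):
        self.pcr = bytes(32)                 # power-up: PCR set to zero

    def extend(self, data):
        # The only way to change a PCR: new = H(old value || supplied data)
        self.pcr = hashlib.sha256(self.pcr + data).digest()

    def _pad(self, pcr):
        # Key stream that depends on both the chip secret and a PCR value
        return hmac.new(self._chip_secret, pcr, hashlib.sha256).digest()

    def seal(self, key):
        # Bind a 32-byte key to the PCR value reached so far
        blob = bytes(a ^ b for a, b in zip(key, self._pad(self.pcr)))
        return self.pcr, blob

    def unseal(self, sealed):
        pcr_at_seal, blob = sealed
        if not hmac.compare_digest(pcr_at_seal, self.pcr):
            raise PermissionError("PCR mismatch: a different boot chain ran")
        return bytes(a ^ b for a, b in zip(blob, self._pad(self.pcr)))

def boot(tpm, stages):
    # Each stage of the boot chain is measured into the PCR before it runs
    tpm.reset()
    for code in stages:
        tpm.extend(code)
    return tpm.pcr

if __name__ == "__main__":
    tpm = ToyTPM()
    normal = [b"firmware", b"boot loader", b"os kernel"]   # constructed stage images
    boot(tpm, normal)
    sealed = tpm.seal(bytes(range(32)))                    # constructed disk key
    boot(tpm, normal)
    print("normal boot unseals:", tpm.unseal(sealed) == bytes(range(32)))
    boot(tpm, [b"firmware", b"boot loader", b"other os"])
    try:
        tpm.unseal(sealed)
    except PermissionError as err:
        print("other OS:", err)
```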

User Space File System


User-space file systems take advantage of the Filesystem in Userspace
(FUSE) module, which is a Unix kernel module that allows a virtual file system to be
built inside a user-space program without having to write any kernel-level code.
FUSE intercepts VFS calls and directs them to a user-space file system with added
security features before forwarding requests to an underlying legacy file system in the
kernel space. Two examples of FUSE-based secure storage file systems are
EncFS and CryptoFS. Both systems are similar in:

i. Storing encrypted files and file names in encrypted directories.
ii. Requiring users to mount encrypted directories onto a special mount point
with the correct key to see decrypted files and file names.
iii. Prompting users for a password to generate the encryption key.
iv. Typically supporting common encryption algorithms such as AES, DES,
Blowfish, Twofish, based on what is available in external encryption libraries.

Encryption Programs
Software encryption programs come in two flavours: generalized encryption
programs and built-in encryption mechanisms in applications. Generalized encryption
programs can encrypt and decrypt files using a variety of ciphers and encryption
modes; several examples are mcrypt, openssl, and gpg. Many applications also
include cryptographic options to protect the confidentiality of files. Examples include
the text editor vim and Microsoft Office products such as Word and Excel.

Confidential Data Erasure


When confidential data have to be removed, we must be sure that once
deleted, the data can no longer be restored. A full secure data lifecycle implies that
data is not only stored securely, but deleted in a secure manner as well.

Many forensic techniques are available to the determined (and well-funded)
attacker to recover the data. CMRR scanning microscopes can recover data on a piece
of a destroyed disk if any remaining pieces are larger than a single 512-byte record
block in size, which is about 1/125” on today’s drives. Magnetic force microscopy
and magnetic force scanning tunneling microscopy analyze the polarity of the
magnetic domains of the electronic storage medium and can recover data in minutes.
A less well-funded attacker can resort to many drive-independent data recovery
techniques, which may be used on most hard drives independently of their make. The
existence of these recovery techniques makes it mandatory that sensitive data be
securely deleted from its storage media.

Confidential data deletion can be accomplished in three ways: physical
destruction of the storage medium, overwriting all of the sensitive data, and securely
overwriting the key of encrypted sensitive data.

Other Challenges
When confidential data have to be removed, we must be sure that once
deleted, the data can no longer be restored. A full secure data lifecycle implies that
data is not only stored securely, but deleted in a secure manner as well. However,
typical file deletion (encrypted or not) only removes a file name from its directory or
folder.

Hard Disk Issues


Two hard-disk-specific issues we must consider in relation to confidential data
deletion include bad sector forwarding and storage-persistent caches. Bad sectors are
disk locations that cannot be accessed consistently, developed during the normal use
of a hard disk. Bad sector forwarding is performed transparently at the hardware level,
in which the firmware identifies and remaps a bad sector to a reserved area.

Data Life Time Problem


The data lifetime problem addresses the phenomenon of various copies of
sensitive data, such as passwords or encryption keys, being scattered all over a
computer system during normal system operation. These locations include numerous
buffers (such as string buffers, network buffers, or operating system input queues),
core dumps of memory, virtual memory, swap, hibernation values, and unintended
leakage through application logs or features.

The attack model in this seminar assumes that any attacks to recover sensitive
data are staged after the computer has been powered off, so volatile leakage of data
such as buffers, queues, and memory is beyond the scope of this survey.

Conclusion
This seminar took a look at the methods, advantages, and limitations of
confidential storage and deletion methods for electronic media in a non-distributed,
single-user environment, with a dead forensic attack model. Confidential data-
handling methods are compared using characteristics associated with confidentiality,
policy, ease-of-use, and performance. Clearly, a combined solution that can store and
remove confidential information should have the following ideal characteristics:

• High confidential storage and deletion granularity.
• Acceptable performance overhead in terms of storage and deletion.
• Enhanced security policy support to enable key revocation, encryption
algorithm/mode of operation change and mitigation, and erasure technique
• Confidential storage and erasure of file and directory metadata.
• Easy to use with minimal user awareness.